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In the modal /i-calculus, a formula is well-formed if each recursive variable occurs underneath an 
even number of negations. By means of De Morgan’s laws, it is easy to transform any well-formed 
formula (p into an equivalent formula without negations - the negation normal form of (p. Moreover, 
if (p is of size n, the negation normal form of (p is of the same size The full modal /r-calculus 

and the negation normal form fragment are thus equally expressive and concise. 

In this paper we extend this result to the higher-order modal fixed point logic (HFL), an extension 
of the modal /r-calculus with higher-order recursive predicate transformers. We present a procedure 
that converts a formula of size n into an equivalent formula without negations of size ^(n^) in the 
worst case and ff{n) when the number of variables of the formula is fixed. 


1 Introduction 

Negation normal forms are commonplace in many logical formalisms. To quote only two examples, 
in first-order logic, negation normal form is required by Skolemization, a procedure that distinguishes 
between existential and universal quantifiers; in the modal -calculus, the negation normal form ensures 
the existence of the fixed points. More generally, the negation normal form helps identifying the po¬ 
larities ifTSl of the subformulas of a given formula; for instance, in the modal /r-calculus, a formula in 
negation normal form syntactically describes the schema of a parity game. 

Converting a formula in a formula without negations - or with negations at the atoms only - is 
usually easy. By means of De Morgan’s laws, negations can be “pushed to the leaves” of the formula. 
For the modal -calculus without propositional variables, this process completely eliminates negations, 
because well-formed formulas are formulas where recursive variables occur underneath an even number 
of negations. Moreover, in the modal /i-calculus, if cp is of size n, the negation normal form of (p is of 
the same size 

The higher-order fixed point modal logic (HFL) ll^ is the higher-order extension of the modal 
/r-calculus. In HFL, formulas denote either predicates, or (higher-order) predicate transformers, each 
being possibly defined recursively as (higher-order) fixed poinfs. Since HFL was infroduced, if was 
never suggested that negation could be eliminated from the logic. On the contrary, Viswananthan and 
Viswanathan Il20l motivated HFL with an example expressing a form of rely guarantee that uses negation, 
and they strove to make sure that HFL formulas are correctly restricted so that fixed poinfs always exisf. 
Negation normal forms in HFL would however be interesting: they would simplify the design of two- 
player games for HFL model-checking Q, they could help defining a local model-checking algorithms 
for HFL, they might help to define the alternation depth of a HFL formula, etc. 

We show that HFL actually admits negation elimination, and that like for the modal /r-calculus, 
every HFL formula can be converted into a formula in negation normal form. The negation elimination 
procedure is more involved due to higher-ordemess. As a witness of this increased complexity, our 
negation elimination procedure has a worst-case quadratic blow-up in the size of the formula, whereas 
for the /r-calculus the negation normal form is of linear size in the original formula. 
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Related Work Other examples of higher-order recursive objects are the higher-order pushdown au¬ 
tomata ifnl ldl. or the higher-order recursion schemes (HORS) l|6l[l2l|5l|T8]|. Whereas the decidability of 
HFL model-checking against finite transition systems is rather simple, it took more time to understand 
the decidability of HORS model-checking against the ordinary (order 0) modal /r-calculus. This situation 
actually benefited to HORS: the intense research on HORS produced several optimized algorithms and 
implementations of HORS model-checking |12|9j[T9l, whereas HFL model-checking remains a rather 
theoretical and unexplored topic. HORS can be thought as recursive formulas with no boolean connec¬ 
tives and least fixed poinfs everywhere. On fhe opposife, HFL allows any kinds of boolean connectives, 
and in parficular a form of “higher-order alfemafion”. 


Outline We recall fhe definition of HFL and all useful background abouf if in Section 2. In Section 3, 
we skefch fhe ideas driving our negation eliminafion and infroduce fhe notion of monofonizafion, a corre¬ 
spondence befween arbifrary funcfions and monofone ones fhaf is af fhe core of our negafion elimination 
procedure. We formally define fhe negafion eliminafion procedure in Secfion 4, and make some conclud¬ 
ing remarks in Secfion 5. 


2 The Higher-Order Modal Fixed Point Logic 

We assume an infinife sef Var = {X, T,Z,...} of variables, and a finife sef £ = ... } of labels. For¬ 

mulas (p,Y, of fhe Higher-Order Modal Fixed Poinf Logic (HFL) are defined by fhe following grammar 

(p,\j/ ::= T I (p V I - 1 ( 1 ) I {a)(p \ X \ (p \ (p xj/ \ jxX'^. (p 

where a fype T is eifher fhe ground fype Prop or an arrow fype a'’ —> T, and fhe variance v is eifher -|- 
(monofone), or — (anfifone), or 0 (unresfricfed). For insfance, Ti = (Prop^ ^ Prop)+ —> (Prop® —> Prop) 
is a fype, and (pi = ^Prop,+ ^yProp.o ^^Prop -iF) v {a){Z\/->Y) is a formula. The sefs 

fv((p) and bv((p) of free and bound variables of (p are defined as expecfed: fv(X) = {X}, bv(X) = 0, 
fy(XX. (p) = fv(/iX. (p) = fv((p) \ {X}, bv(AX. (p) = bv(/rX. (p) = bv((p) U {X}, efc. A formula is 
closed if fv((p) = 0. For simplicify, we resfricf our affenfion fo formulas (p without variable masking, i.e. 
such fhaf for every subformula AX. \j/ (resp. /rX. t/r), it holds that X 0 bv(t/r). 

Another example is the formula 92 = (AfP''°p"^P''°P'+. ^uX^^p. F X) -. ^F). This formula 

can be j3-reduced to the modal -calculus formula <P 2 = ftX^'’°P. -iX, which does not have a fixed poinf 
semanfics. Avoiding ill-formed HFL formulas such as (p 2 cannof Jusf rely on counfing fhe number of 
negafions befween jJtX and fhe occurence of X, if should also fake info accounf funcfion applications and 
fhe confexf of a subformula. 

A fype Judgemenf is a fuple EY (p : z, where F is a sef of assumptions of fhe form X'’: T. The fyping 
environmenf -■£ is fhe one in which every assumpfion X'' : T is replaced wifh X^'’ : T, where —h = —, 

-= -f, and —0 = 0. A formula (p is well-fyped and has fype T if fhe fype judgemenf h (p : T is derivable 

from fhe rules defined in Fig. [T] Infuifively, fhe fype judgemenf Xj * : Ti,... ,X^’" : T„ h (0 : T is derivable if 
asssuming fhaf X,- has fype T,, if may be infered fhaf (p has fype z and fhaf (p, viewed as a funcfion of X,, 
has variance v,-. For insfance, Y (pi : Zi, where (pi and Zi are fhe formula and fhe fype we defined above, 
buf <p 2 cannof be fyped, even wifh differenf fype annofafions. 

Proposition 1 ilAQi/ If F Y (p : z and T Y ^ : z' are derivable, then z = z', and the two derivations 
coincide. 
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r\- q): T rhi/AiT 


-■r h (p : T 
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F h (p ip : T 


Figure 1: The type system of HFL. 


If (p is a well-typed closed formula and ip is a subformula of (p, we write type(ip/(p) for the type of 
Xj/ in (the type derivation of) (p. 

A labeled transition system (LTS) is a tuple ^ = {S, 5) where S is a set of states and 6 C S xLx S 
is a transition relation. For every type T and every LTS ^ = {S,5), the complete Boolean ring of 
interpretations of closed formulas of type t is defined by induction on t: ^[Prop] = 2^, and —)■ tJ 

is the complete Boolean ring of all total functions / : =!A|{a]] —)■ ^[t] that have variance v, where all 
Boolean operations on functions are understood pointwise. Note that since .iXl'c} is a complete Boolean 
ring, it is also a complete lattice, and any monotone function f : ^ admits a unique least 

fixed poinf. 

A ^-valuation p is a function fhaf sends every variable of fype T fo some elemenf of ^ |t]] . More 
precisely, we say fhaf p is well-fyped according fo some typing environment F, which we write p ^ F, 
if p{X) € for every X'’ ■. z in F. The semantics (p : zj of a derivable typing judgement is 

a function that associates to every p ^ F an interpretation 5^[[F h (p : T]](p) in this interpretation 

is defined as expecfed by induction on fhe derivation free (see |[20]| for defails). For a well-fyped closed 
formula tp of fype Prop, a LTS = {S, 5) and a sfafe s £ S, We write s (p if s £ (p : Prop]. 

Example 1 Let z^ = (Prop+ —> Prop)+ —> Prop+ Prop and (p 3 = 

(GX)V(F {G Y)) X)) {a)Z) {b)T. 

Then x |= <P 3 ijf there is n>0 such that there is a path of the form a^"b starting at s. Since {cP'''b | n > 0} 
is not a regular language, the property expressed by tp^ cannot be expressed in the modal p-calculus. 

Proposition 2 l[20\l Let SZ = (S, 5) be a LTS and let s,s' £ S be two bisimilar states of SZ . Then for any 
closed formula tp of type Prop, s 1=^ (p iff s' \=^ (p. 

We assume fhe sfandard nofafions A, [a] and vX. (.) for fhe conjunction, fhe necessify modalify, and 
fhe greafesf fixed poinf, defined as fhe duals of V, {a) and pX. (.) respectively. 

Definition 1 (Negation Normal Form) A HFLformula is in negation normal form if it is derivable from 
the grammar 


(p, ip ::= T I _L I (p V ip' I (p A ip' I {a)q) \ [a]q) \ X \ AX^.(p | (p ip | pX'".tp \ vX'^.tp 


where the z are monotone types, i.e. types where all variances are equal to +. 
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Note that since all variances are +, we omit them when writting formulas in negation normal form. 
We say that two formulas (p, t/r are equivalent, (p = t/r, if for every type environment F, for every LTS 
for all type z, the judgement F h (p : T is derivable iff F h y/ : T is, and in that case (p : z} = 

n^Eyff-.zl 

Model-Checking We briefly recall the results known about the data complexity of HFL model-checking 
(see also the results of Lange et al on the combined complexity [Ij or the descriptive complexity lfT4l of 
HFL and extensions). 

Note that if = (5,5) is a finite LTS, then for all type z, the Boolean ring ^[zj is a finite set, and 
every element of ^ [t] can be represented in extension. Moreover, the least fixed point of a monotone 
function / : —)■ ^\z\ can be computed by iterating / at most n times, where n is the size of the 

finite boolean ring 

The order ord(T) of a type ris defined as ord(Prop) =0 and ord(a'' — t) = max(ord(T), 1 +ord(a)). 
We write HFL(k) to denote the set of closed HFL formulas tp of type Prop such that all type annotations 
in (p are of order at most k. For every fixed (p € HFL(k), we call MC((p) the problem of deciding, given 
a LTS ^ and a state s of wether s \=^ (p. 

Theorem 3 /[7]/ For every k > for every (p G HFL(k), the problem MC((p) is in k-EXPTIME, and there 
is a \j/i^ ^ HFL(k) such that is k-EXPTIME hard. 

3 Monotonization 

In order to define a negation elimination procedure, the first idea is probably to reason like in the modal 
/r-calculus, and try to “push the negations to the leaves”. Indeed, there are De Morgan laws for all logical 
connectives, including abstraction and application, since 

-■((p y) = (“■<?) V and -i(AX'’''^.tp') = 

In the modal /r-calculus, this idea is enough, because the “negation counting” criterion ensures that each 
pushed negation eventually reaches another negation and both anihilate. This does not happen for HFL. 
Consider for instance the formula (p 4 = 

(^^Prop°^Prop_ ^pProp,0_ ^ ((fl)F))) T. 

The negation already is at the leaf, but (p 4 is not in negation normal form. By fixed point unfolding, 
one can check that (p 4 is equivalent to the infinite disjunct and thus could be expressed by 

/rXPr°P.[a]X. The generalization of this strategy for arbitrary formulas would be interesting, but it is 
unclear to us how it would be defined. 

We follow another approach: we do not try to unfold fixed points nor to apply jS-reductions during 
negation elimination, but we stick to the structure of the formula. In particular, in our approach a sub¬ 
formula denoting a function / is mapped to a subformula denoting a function f in the negation normal 
form. Note that even if / is not monotone, f must be monotone since it is a subformula of a formula in 
negation normal form. We call f a monotonization of /. 

Examples Before we formaly define monotonization, we illustrate its principles on some examples. 

First, consider again the above formula (p 4 . This formula contains the function AfP™'’ ®. (-iF) V 
(X ((a)F)). This function is unrestricted (neither monotone nor antitone). The monotonization of this 
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function will be the function ^yP''op,+ yP''°P^+ y ^ ((a)F)). To obtain this function, a duplicate Y of 

Y is introduced, and is used in place of -iF. Finally, the formula (^4 = 

(^^Prop^Prop^Prop^^FP^°P,F^™P.FV(X((a)F) (HF))) T T 

can be used as a negation normal form of <^ 4 . Note that the parameter T that was passed to the recursive 
function in tp^ is duplicated in with one duplicate that has been negated (the _L formula). 

More generally, whenever a function is of type T, we transform it into a function of type 

Ot^ —Tf that takes two arguments of type Ot (the translation of a). Later, when this function is 
applied, we make sure that its argument is duplicated, one time positively, the other negatively. 
Duplicating arguments might cause an exponential blow-up. For instance, for the formula tps = 

(AX^^P. X V {a)^X) ((Af'^''°P’°. F V {b)^Y) T) 

if we duplicated arguments naively, we could get the formula cp'^ = 

(AXP™P,X^™^ X V {a)X) ((AfP™p,F^'°^ F V {b)Y) T X) ((AfP™p,F^'°^ F A [b]Y) T X) 

where the original T formula has been duplicated. If it occurred underneath n + 2 applications of an 
unrestricted function, we would have 2” copies of T. We will come back to this problem in Section |4j 
Let us now observe how monotonization works for functions that are antitone. In general, if / is 
an antitone function, both the “negation at the caller” /i (x) = -'f{x) and the “negation at the callee” 
fiix) = f{~^x) are two monotone functions that faithfully represent /. Actually, both of them might be 
needed by our negation elimination procedure. 

Consider the formula <p 6 = 

(^y,Prop-^Prop,+ _^XP™P.F (^X)) (AFP^°P’-.-(a)F). 

In order to compute the negation normal form of <p 6 , we may represent AF^'^°P’^.-i(a)F by its “negation 
at the callee”, yielding the formula (p^ = 

(^y,Prop^Prop_^XP™P.FX) (AF^™P.[a]F). 

Conversely, consider the formula (pj = 

(^y,Prop-^Prop,-^ HX^rop x) . -(a)F). 


The only difference with is that the negation is now in front of F instead of X. In that case, “negation 
at the callee” does not help eliminating negations. But “negation at the caller” does, and yields the 
negation normal form tpj = 

(^^Prop^Prop_ ^^Prop^ ^ x) (AF^^P. (a)F). 

These examples suggest a negation elimination that proceeds along possibly different strategies in 
the case of an application tp t/r, depending on the semantics of tp and t/r. In the next section, we explain 
how the strategy is determined by the type of (p. For now, we focus on making more formal our notion 
of monotonization. 
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exp(Prop) 
exp(T+ —)■ a) 
exp(T^ —5- a) 

exp(T‘’ —> a) 


= Prop 

= exp(T)+ ^ exp (a) 

= exp(T)+ ^ exp (a) 

= exp(T)+ ^ exp(T)+ —> exp(a) 


exp(ri,r2) = exp(ri),exp(r2) 

exp(X+ : t) = : exp(T) 

exp(X^ : t) =X^:exp(T) 

exp(X° : t) =X+: exp(T),X^ : exp(T) 


Figure 2: Expansion of types and typing environments towards monotonization. 


Monotonization Relations We saw that our negation elimination bases on the ability to faithfully 
represent a predicate transformer (p by a monotone predicate transformer t/r; in this case, we will say that 
i/r is a monotonization of tp. We now aim at defining formally this notion. More precisely, we aim at 
defining the relation <3 such that (p <n/r holds if tp^ is a monotonization of (p. 

First of all, <i relates a formula of type T to a formula of type exp(T) as defined in Fig.|2j fhe number 
of argumenfs of cp is duplicafed if cp is unresfricfed, ofherwise if remains fhe same, and of course tp is 
monotone in all of ifs argumenfs. 

In Fig. 121 we also associafe fo every fyping environmenf F fhe fyping environmenf exp(r) wifh all 
variances sef to +, obfained afler renaming all variables wifh variance — in fheir bared version, and 
duplicating all variables wifh variance 0. In fhe remainder, we always implicifly assume fhaf we franslafe 
formulas and typing environments that do not initially contain bared variables. 

The relation < is then defined coinducfively, in a similar way as logical relations for fhe A-calculus. 
Fef /? be a binary relation among fyping judgemenfs of fhe form F h (p : T. The relation R is well-lyped if 
(F h (p : t) 7? (F' h (p': t') implies F' = exp(r) and z' = exp(T). When R is well fyped, we write (p/?r,T<P^ 
instead of (F h (p : t) 7? (F' h (p': t'). 

Definition 2 A binary relation R among typing judgements is a monofonizafion relation if it is well- 
typed, and for all formulas (p, (p',for all F, T such that (p7?r,T 

7. iftp, tp' are closed and T = Prop, then cp = cp'; 

2. ifr = r',X+ : a, then (AX^’+. (p)Rr,a+^t cp'); 

3. ifr = r',X- : a, then (p)Rr^c-^^ cp'); 

4. ifr = : a, then (p)Rv.a^^x tp'); 

5. if X = ^ V, then for all tp, tp' such that tpT^r.a ¥'> (<P V) (<p' '/); 

6 . if X = ^ u, then for all tp, tp', tp" such that tpRr^a W' tp' = -itp", (tp tp) 7?r,u (tp' tp").' 

7. ifx = a^^ V, then for all tp, tp', tp" such that tp7?r,(j V = {(p W) ^r,v {(p' v' W")- 

If (7?,),g/ is a family of monotonization relation, then so is U/e/^ti write <i for the largest mono¬ 
tonization relation. 

Example 2 Consider tp = (AX^''°P' . -iX). Then <P <lprop“^Prop (Ax'^'^°’’'^. X). Consider also tp = 
(AxP^p.O.xa^X). Then tp<] (AxP'°P’+,X^'°P'+. A) anr/tp< (AxP'°P’+,X^'°P’+. X AX). 
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tr+(T) = T 
tr-(T) = ± 
tr+(X) = X 
tr_(X) = X 
trvhv) = tr_v(V^) 
tr+{{a)\i/) = {a)tr+{\i/) 

tr_{{a)\if) = Htr_(v/) 


tr+(v/i VV/2) 
V v/2) 

trv(AX^’+. \ff) 
trv(AX'^’^. y) 
trv(AX"’0. y) 
tr+{pXT y) 

y) 


tr+{Yi)Xtr+{Y2) 
tr_(i/Ai) Atr_(vA2) 

t^iY) 
Ar"”''’, tr,(rt 

/ixexp{'^). tr+(l//') 


trv(V^i Y 2 ) 


trv(V^i) tr+('/^2) 
tfyiYi) E^iYi) 
tr,(i/^i) tr+(vA2) tr_(i//'2) 


if type{Yi/(p) = a+ T] 

iftype(v^i/(p) = a^^T] 

if type{Yi/(p) = a° T] 


Figure 3: Type-Directed Negation Elimination 


4 Negation Elimination 

Our negation elimination procedure proceeds in two steps: first, a formula tp is translated into a formula 
tr+((p) that denotes the monotonization of (p; then, tr^{(p) is concisely represented in order to avoid an 
exponential blow-up. 

The transformation tr+(.) is presented in Figure [3l The transformation proceeds by structural in¬ 
duction on the formula, and is defined as a mutual induction with the companion transformation tr_(.). 
Whenever a negation is encountered, it is eliminated and the dual transformation is used. As a conse¬ 
quence, wether tr+(.) or tr_(.) should be used for a given subformula depends on the polarity ifTSl of 
this subformula. 

Lemma 4 Let tp be a fixed closed formula of type Prop. For every subformula y of (p, let tr+(t/r) and 
tr_(t/r) be defined as in Figure\^ and let T \- y be the type judgement associated to Y hi the type 
derivation of tp. Then the following statements hold. 

1. exp(r) h tr+{Y) ■ exp(T) and exp(-ir) h tr_(v/) : exp(T). 

2 . Y"^r,T:ir+{Y) and Y<r,T^t^-{¥)- 

Proof: By induction on Y- We only detail the point 1 in the case of y = ¥1 ¥2 with type{Yi/tp) = 
— > T. Let us assume the two statements hold for Yi Y 2 by induction hypothesis. Let F be 
such that F h t/r : T, F h t/Tj : a T, and -iF h t //2 : a. By induction hypothesis, the judgements 
exp(r) h tr+{Yi) ■ exp(a^ —t) and exp(-i-ir) h tr_(v/ 2 ) : exp(a) are derivable. Since exp(a^ — 
t) = exp(a)+ ^ exp(T) and -i-iF = F, the typing rule for function application in the monotone case of 
Fig.[I]yields exp(r) h tr+{Yi) ti'-('P 2 ) : exp(T), which shows statement 1 for tr+(.). The case for tr_(.) 
is similar. □ 

Corollary 5 If tp is a closed formula of type Prop, then tp = tr+((p) and tr+((p) is in negation normal 
form. 

As observed in Section [3l the duplication of the arguments in the case v = 0 of the monotonization 
of (pY may cause an exponential blow-up in the size of the formula. However, this blow-up does not 
happen if we allow some sharing of identical subformulas. 

Let (p be a fixed closed formula. We say that two subformulas Yi Y 2 of ¥ ^0 identical if they 
are syntactically equivalent and if moreover they have the same type and are in a same typing context. 
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i.e. if the type derivation of q) goes through the judgements F,- h y/,: T,- for syntactically equivalent F,- and 
T, . For instance, in the formula 


^^j^Prop^Prop ^^^j^(Prop—)‘Prop)^(Prop—)-Prop) 


((^j^Prop^Prop j.) 


any two distinct subformulas are not identical (including the subformulas restricted to X). We call dag 
size of (p the number of non-identical subformulas of (p. 

Lemma 6 There is a logspace computable function share(.) that associates to every closed formula tp 
of dag size n a closed formula share((p) of tree size ff{n ■ |vars((p)|) such that (p = share((p). 

Proof: Let (p be fixed, and let (pi, % be an enumeration of all subformulas of (p such that if cp, 
is a strict subformula of (pj, then i < j. In particular, we must have (p = (p„. Pick some fresh vari¬ 
ables X\,X 2 ,... ,X„ G Var and let u, = type((p;/(p). For every i = \,...n, let Yi,ai,vi,.. .Yk,Ok,Vk 
be a fixed enumeration of the free variables of (pi, their types and their variances, and let A,(v^) = 
^ xj/ and @,(t/r) = y Yi ... Y^. Finally, let T, = aj* —. aj* —)• u,-. For every sub¬ 
formula y/ of (p, let ||yr|| be defined by case analysis on the first logical connective of y/: 

• if y/ = ip,- = rjY^. cpj, where 77 G {X,p,v}, then ||yr|| = A,(177'^. @j{Xj))-, 

• if yr = yt; = (pj(B(pk, where © G {V, A, application}, then ||yr|| = Xi[@ j{Xj) © @kiXk))', 

• if Y = (Pi = where ^ G (a), [a]}, then ||yr|| = Ai(<|k(@y(Xy))); 

• otherwise ||y),j| = Xi{(pi). 

Finally, let share(y)) = let Xp = ||y)i|| in let X^^ = \\(p 2 \\ in ... let X^f^ = ||y>„-i|| in ||y)„|| where 

let = yr in y/' is a macro for (AX^. yr') yr. Then share(y)) has the desired properties. □ 

Theorem 7 There is a logspace-computable function nnf(.) that associates to every closed HFLforniula 
(p (without variable masking) of type Prop a closed formula nnf(y)) such that 

1. (p = nnf(y)), 

2 . nnf(y)) is in negation normal form, and 

3. |nnf(y))| = (^(|y)| • |vars(y))|), 

where |yr| denotes the size of the tree representation ofyfii.e. the number of symbols in yrj, and vars(y)) = 
fv(y)) U bv(y)) is the set of variables that occur in y). 

Proof: Let nnf(y)) = share(tr_|_(y))). This function is logspace computable ( tr+(y)) can be computed 
“on-the-fly”) and nnf(y)) is of size ^(|y>| • |vars(y))|) by Figure|3]and Lemma[6l The formula tr+(y)) is 
in negation normal form, and share(.) does not introduce new negations, so nnf(y)) is in negation normal 
form. Looking back at Figure[3l it can be checked that its dag size is linear in the dag size of (p, so the tree 
size of nnf(y)) is linear in the tree size of (p. Moreover, nnf(y)) = tr+(y)) by Lemma|6l and tr+(y)) = (p 
by Corollary [5] □ 

5 Conclusion 

We have considered the higher-order modal fixed point logic 1201 (HFL) and its fragment without nega¬ 
tions, and we have shown that both formalisms are equally expressive. More precisely, we have defined 
a procedure for transforming any closed HFL formula (p denoting a state predicate into an equivalent 
formula nnf(y)) without negations of size ^(|y)| • |vars(y))|). The procedure works in two phases: in a 
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first phase, a transformation we called monotonization eliminates all negations and represents arbitrary 
functions of type T —> a by functions of type T —)■ T —)• a by distinguishing positive and negative usage 
of the function parameter. The price to pay for this transformation is an exponential blow-up in the size 
of the formula. If the formula is represented as a circuit, however, the blow-up is only linear. The sec¬ 
ond phase of our negation elimination procedure thus consists in implementing the sharing of common 
subformulas using higher-ordemess. Thanks to this second phase, our procedure yields a negation-free 
formula nnf((p) of size ff{s\ze{(p) • |vars((p)|), hence quadratic in the worst case in the size of the original 
formula tp. 


Typed versus Untyped Negation Elimination Our monotonization procedure is type-directed', the 
monotonization of tp y depends on the variance of tp, that is statically determined by looking at the type 
of tp. One might wonder if we could give a negation elimination that would not be type-directed. A way 
to approach this question is to consider an untyped conservative extension of the logic where we do not 
have to care about the existence of the fixed points - for instance, one might want to interprete pX.(p{X) 
as the inflationary “fixed point” Q- We believe that we could adapt our monotonization procedure to this 
setting, and it would indeed become a bit simpler: we could always monotonize (p Y “pessimistically”, 
as if tp were neither a monotone nor an antitone function. For instance, the formula p.X.{XY.Y) X would 
be translated into pX.{XY,Y.Y) X -<X. 

In our typed setting, it is crucial to use the type-directed monotonization we developed, because 
monotizing pessimistically might yield ill-typed formulas. In an untyped setting, a pessimistic mono¬ 
tonization is possible, but it yields less concise formulas, and it looses the desirable property that 
nnf(nnf((p)) = nnf((p). 

So types, and more precisely variances, seem quite unavoidable. However, strictly speaking, the 
monotonization we introduced is variance-directed, and not really type-directed. In particular, our mono¬ 
tonization might be extended to the untyped setting, relying on some other static analysis than types to 
determine the variances of all functional subformulas. 


Sharing and Quadratic Blow-Up The idea of sharing subterms of a A-term is reminiscent to im¬ 
plementations of A-terms based on hash-consing HI [TTl and to compilations of the A calculus into 
interaction nets ifT^ [T^ [TOl . We showed how sharing can be represented directly in the A-calculus, 
whereas hash-consing and interaction nets are concerned with representing sharing either in memory or 
as a circuit. We compile typed A-terms into typed A-terms; a consequence is that we do not manage to 
share subterms that are syntactically identical but have either different types or are typed using different 
type assumptions for their free variables. This is another difference with hash consing and interaction 
nets, where syntactic equality is enough to allow sharing subterms. It might be the case that we could 
allow more sharing if we did not compile into a simply typed A-calculus but in a ML-like language with 
polymorphic types. 

An interesting issue is the quadratic blow-up of our implementation of “A-circuits”. One might 
wonder wether a more succinct negation elimination is possible, in particular a negation elimination with 
linear blow-up. To answer this problem, it would help to answer the following simpler problem: given a 
X-term t with n syntactically distinct subterms, is there an effectively computable X-term t' of size ff{n) 
such that t =pr\t'l We leave that problem for future work. 
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